.Loading..Loading.
Readme Rev
Service Updates
When the downloaded patch is run, it will extract to a folder and there will be zip files. Those files should be extracted and then Setup.exe can be run. This table outlines the names of the zip files and where they should be run.
Component | Core/Console | Client |
---|
Installation Instructions
The following outlines instructions for installing this update.
This patch requires that Ivanti Endpoint Manager 2022 be installed. For more information about current service packs please see Ivanti Community Doc 1001
Installing on the Core and Rollup Core
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
Prior to installing a patch on the Core Server it is recommended to make a backup of the Ivanti database.
Steps
- Disable any services on other machines that interact with the Core Server
- Double-click on the self-extracting executable and extract it
- Extract the files for the Core patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required
- After applying the patch, you may need to re-activate your Core Server using the Core Server Activation Utility
- Restart any services stopped in Step 1
Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the \ManagementSuite\log folder.
Installing on Remote Consoles
A Remote Console is any machine that is not the Core Server and has the Ivanti Endpoint Manager Console installed. Console Machines need to be updated to be able to connect to the updated Core Server and Database.
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
Steps
- Close the Console
- Double-click on the self-extracting executable and extract it
- Extract the files for the appropriate patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required
Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the \ManagementSuite\log folder.
Updating the Agent
The patch should be installed on the Core Server before updating Agents
Use one of the following methods to re-deploy the agent once the patch has been applied to the Core or to apply the patch manually.
Methods of agent deployment
-
Manual: Map a drive to \\Coreserver\ldlogon and run 'wscfg32.exe -f'
This is used for single client installs and testing - Push: Schedule a push of the full agent
- Self-Contained EXE: Create an EXE that can be installed
- Advance Agent: This is a two stage process. The Advance Agent consists of a small MSI and a self-contained EXE. The MSI is deploy to the client and then the MSI downloads and installs the EXE. This allows for bandwidth friendly downloads.
For more information on agent configuration and deployment see Ivanti Community Doc 23482
Manual installation of the client patch
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
- Double-click on the self-extracting executable and extract it
- Extract the files for the appropriate patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required.
Updating the Agent With Patch Manager
Ivanti Patch Manager can also be used to update agent machines with the patch. Content and definitions can be found in Patch Manager as Ivanti Updates and can be used to detect and repair agents that have not been updated. The Core Server must be updated with the Core patch before updating agents.
Not all Component Patches will have Patch Manager Content created. Once it is generally available, this method can be used to update agents. For more information about updating agents using Ivanti Patch Manager see Ivanti Community Doc 24384
Release Information
Please review the following important information about this release BEFORE installing this update.
Feature Changes and Updates
The following features have been changed or updated
Agent Common
-
761534 Beta Version EPM Self-Updating, Self-Healing Agent
-
We are continuing to expand the "Beta" version of our new Engine Based Agent. This is designed to be self-healing and self-updating. It will include reports on each of the component engines on all clients in the console. To enable this feature, you must add this new registry key before starting your console. [HKEY_LOCAL_MACHINE\SOFTWARE\Ivanti\ManagementSuite] "EnableNewAgent"=dword:00000001
- Here is a link to a Community Article: Ivanti EPM Engine Based Agent Information
- You can now easily deploy the Engine-Based Agent to existing agents via a new SWD package type.
- On upgrade from old agent type, EBA will keep the currently applied agent config unless an assignment has been made on the core.
- Full upgrade abilities have been enabled in this release.
- Any SU applied will cause the agent to be able to upgrade the installer, update service, and engines.
- EBA downloads (from core) and installs .Net 4.8 if not already installed.
- Right click option to “Force agent check in”.
- Individual engines don’t show up in add/remove programs
- CBA
- BaseEngine (New to the Engine Based Engine)
- Patch
- Inventory
- Remote Control
- Software Distribution
- Shared Files
- Notifications Manager
- Bitdefender Antivirus
- AMT
- Provisioning
- Endpoint Security
- Application Monitor
- Privilege Management
- Antivirus Engine
- Alerting
- Real-time Monitoring
-
Autopilot
-
923346 Allow PowerShell scripts to set the device name during Autopilot hybrid-join provisioning
- Allow device naming via a customer-supplied PowerShell script. Because Microsoft Autopilot does not allow us to customize device naming during AAD-join provisioning, this feature only applies to hybrid-join provisioning. We control the process of naming the device during hybrid-join provisioning.
-
923395 Add Product Code detection rule support to Autopilot
-
- Admins can create a product code and it auto-populates a single field with the product code it finds in the selected MSI file.
- The Application configuration UI now provides the ability to create an MSI (Product Code) Detection rule.
- The UI extracts the product code from an .msi file or .msi file wrapped in the .intunewin format
- The Detection rule indicates the app is installed if the product code is found in the registry or not installed if not found
- We do not display the msi product code option for non-msi applications
- The product code is saved in the azure application record so if a user wants to add an msi rule after initially creating the app they can
- When editing an app that was created in a prior version and therefore does NOT have it's product code saved, we try to get the product code out of the file in the same filepath the original msi was in. Warn the user that if they changed the msi the product code won't be correct. If there isn't a file in the original filepath then just don't attempt to get a product code and let the user know.
-
Core Sync
-
805866 Support in Core Sync for N-1 version
- Core Sync can now sync objects from an older version of EPM to a newer version. Starting with EPM 2022 SU1 you can core sync the current version and one version back.
Data Analytics
-
797107 Remove Silverlight from Data Analytics (DA)
-
There are 5 Dashboard reports that were using a Silverlight wrapper to generate charts for each of the dashboard reports. These reports are now available in the new web console now without having to install Silverlight.
These include:
- Memory Dashboard
- Patch Dashboard
- Processor BarChart Dashboard
- Processor Dashboard
- Server Dashboard
-
There are 5 Dashboard reports that were using a Silverlight wrapper to generate charts for each of the dashboard reports. These reports are now available in the new web console now without having to install Silverlight.
These include:
Diagnostics Tool
-
910736 Beta Version Add EPM Troubleshooting Tool as a Beta Feature
-
Added a new UI that collects all the logs into one UI. Displays all logs under the logs folder in chronological order. The logs are filterable by Log name, Time, and Severity. The logs can be toggled on and off or you can quick search all logs by type.
It ships hidden by default and can be accessed one of two ways:
- Run Ivanti.ManagementSuite.Troubleshooting.exe under the ManagementSuite folder
- It can also be added to the Console's Help menu by setting this registry key:
- HKLM\Software\lvanti\Managementsuite-EnableTroubleshooting=1
-
Added a new UI that collects all the logs into one UI. Displays all logs under the logs folder in chronological order. The logs are filterable by Log name, Time, and Severity. The logs can be toggled on and off or you can quick search all logs by type.
It ships hidden by default and can be accessed one of two ways:
Inventory
-
933414 Inventory entry for Installed Antivirus products
-
The inventory location (BNF) is Computer / Security / Antivirus Software / Product, this will report the presence of any Antivirus software products installed on Windows Workstations.
**The WMI data that we are gathering for this does NOT exist on Windows server OS.
-
The inventory location (BNF) is Computer / Security / Antivirus Software / Product, this will report the presence of any Antivirus software products installed on Windows Workstations.
Mac
-
917631 Add Inventory Support for Mac Agent Behaviors
- Admins can now see what agent behaviors are set for each endpoint.
-
926871 Add Inventory support for Reporting on managed kernel and system extensions through EPM for Intel and M1 Macs
- Mac kernel and system extensions information has been added to inventory
Patch Manager
-
874058 Add support for Oracle Linux OS
-
EPM now supports Oracle Linux OS like the other Linux OSs
Including the following:
- Inventory data
- Software Distribution
- Patch
- In addition all vulnerabilities are registered in Scan folder in Patch and Compliance menu
- Vulnerability properties -> Package properties
- Patch Repair tasks
- The log file is located here: C:\Program Files\LANDesk\ManagementSuite\log\WSVulnerabilityCore.dll.log
-
EPM now supports Oracle Linux OS like the other Linux OSs
Including the following:
-
907145 Add ability to Create Custom Patch Campaigns
-
We are now able to create a Patch Campaign for a custom patch group.
Additional highlights
- Custom Patch Campaigns won’t repeat.
- Global Autofix can be set for the vulnerabilities included in that campaign, after the campaign has ended.
-
We are now able to create a Patch Campaign for a custom patch group.
Additional highlights
-
907146 Add patching for Microsoft Office LTSC 2021
- Able to patch Office LTSC 2021 with Multi-select configuration options.
Provisioning
-
487016 Support latest OSs in HII including Windows Server 2016+ & Windows 10+
-
- Provisioning support for Server 2016, Server 2019, Server 2022, latest Win 10 versions, Win 11.
- Enhanced the provisioning workflow to display all supported OS.
- Improved server and client logging.
- Added an EPM Console warning regarding “unsigned drivers” when performing HII Provisioning Template Actions. Unsigned drivers will not load when Windows Secure Boot is enabled.
-
Software Distribution
-
869356 SWD package location should default to use https
- We now default to the more secure https for the "files". You can manually enter http if needed.
-
931285 Add a Default Package Timeout
- You can now specify a global default for package installation timeout. (Applies only to new packages). Windows Actions now supports installation timeout setting
Web Console 2.0
-
907174 Pagination
- Supports pagination of long lists
-
907176 Export
- Able to export a list so that you can work on it offline and take advantage of the customization feature of Excel or other formats.
-
907178 Notification Panel
- Able to see a list of recent notifications of actions initiated from the web console.
-
907180 Several UX Improvements
- Several UX updates made to the Web Console.
-
911065 Physical (NIC) Address information
- Added the information about MAC address in the Network Card of the Device Additional Details
Defects Fixed
Console
-
922283 Auditing not properly capturing the Console user who initializes the command
- Audit logs enhanced to show the name of the console user who initiated a remote command to a managed device instead of "NT AUTHORITY\NETWORK SERVICE"
Firewall
-
926626 Agent installation fails if the Windows Defender Firewall Service "MPSSVC" is disabled.
- When the Windows Defender Firewall Service "MPSSVC" is disabled, the agent install will no longer attempt to modify the firewall and will continue installation as expected.
Inventory
-
929834 Inventory is flagging Azure virtual desktops as servers.
- Fixed Inventory to show Azure virtual desktop devices as workstation type.
-
903050 Wildcard entries are duplicated in ldappl3.ini
- Fixed Inventory to only show single entries for wildcard items in the ldappl3.ini
Mac
-
868275 Mac Profiles are not being collected in Inventory Scans
- The new inventory scanner properly reports configuration profiles
-
912271 When the Mac agent installs the com.landesk.ldms.plist file is not properly updated which causes Inventory to be incorrect.
- Agent installs now update the plist to the correct parameters.
-
917217 EPM Mac Agent installer doesn't delete agent settings hash files when upgrading.
- Installer now deletes the old settings hash files before upgrading.
-
917631 Installing new Mac agent does not pull new settings
- The old hash files used to track changes to the agent behavior files are deleted as part of the new agent install, so that agent settings are properly used to update the various agent components
-
919116 Mac RC "permission required" checkbox is unchecked in Ivanti agent UI even though it is checked on Core.
- The new Ivanti Agent Tool properly displays the settings downloaded from the core server
-
919118 RC shows version "z" in Ivanti agent UI on mac client
- The new Ivanti Agent Tool queries IVRemoteControl to obtain the correct version
-
919119 RC shows status: "Stopped" in Ivanti agent UI on mac even though RC is actively being used on the mac client
- The new Ivanti Agent Tool queries IVRemoteControl to obtain the correct state of IVRemoteControl
-
919120 Inventory scan last run is not being updated on Ivanti agent UI on the mac client
- Inventory Scanner now updates Last Run info correctly.
-
919121 CBA version is showing old 11.0.4.253 after upgrade to EPM 2022
- Updated the build to build 11.0.5.
-
919124 EPM Mac Agent user interface is not being updated in real time.
- The agent user interface updates in real time.
-
930674 HTML5 RC icon in Console Network view should no longer be showing up for Mac machines
- Removed the old RC/HTML5 icons and all files associated with the Legacy RC and HTML5 RC.
MBSDK
-
861566 MBSDK Add Device to scheduled task writes data into DB without validating
- Validate numeric input to see if the input number is a valid computer id in computer table.
-
873886 /distributionapi/api/v1/RebootSettings returns Distribution and Patch info instead
- When enumerate reboot settings from database, use already created object that is initialized with reboot setting behavior, not creating default agent behavior object without specific agent behavior type.
-
879607 Postman tasks via DistributionAPI Swagger API fails with 403 when the account credentials used is non-admin
- When the tokens are created for the API, please ensure that User used for token creation has the rights in EPM corresponding the API action. For example, when querying the API for reboot settings, make sure the user has EPM Console rights under Agent Set
Patch Manager
-
912477 Agent Service Update via patch manager repair task returns a failure message when the remote-control component is not installed
- Agents are correctly updated, and repair task is successful, using Ivanti SU definitions.
-
923221 Cannot see all the parameters under Distribution/Patch settings -> Patch only settings due to Screen \ Display Resolution Size
- For resolution set to 1280 x 800 (around 720p) in Distribution and Patch > Patch Only agent settings options: all settings are now visible.
-
923340 Patch campaign not updating
- In Patch Automation, Patch Campaigns are updated without errors.
-
929394 Patch Tuesday campaigns say they are started and no progress.
- In Patch Automation - Patch Tuesday campaigns were fixed to work as expected.
-
935234 Patch downloads failing when URL is using a mirror site.
- In Patch and Compliance - Patch download is extended to work also for URLs that are using mirror sites.
-
942570 Filter Definitions- OS versions do not display
- Download updates>Filter Definitions, OS tab filters are now correctly populated.
Provisioning
-
849805 Disconnected Provisioning Template Takes a Long Time to Start
- When using a disconnected template, we no longer retry obtaining the client cert if the first attempt fails. Sensitive variables and other secrets will not be accessible in this case.
-
874217 The Delete File action in OS Provisioning templates doesn't delete files over 2147483647 bytes
- We changed to use a 64 bit file structure (instead of 32 bit) to allow reading of large file sizes.
-
882474 PXE Services do not restart after shutting down because of loss of communication with core server
- Using PXE_SVC_WIN registry key will force the node to win the election and stay elected even when unable to contact the core. It will resume reporting when connectivity is re-established.
Remote Control
-
919715 EPM 2022 RCViewer isn't Getting Upgraded when Upgrading from Older Version
- RCViewer not being upgraded with the rest of the suite is resolved and will update as expected.
-
924934 Remote Control Floating Desktop icon/notification does not show the username of the user who initiated RC when the session is launched from Web Console 2.0
- The username of the session initiator is now passed to the Remote Control session when using Web Console 2.0 and appears on the floating notification as expected.
Reporting
-
944818 Health Dashboard "Unable to contact the core server" error.
- Changed the request to support HTTPS since the HTTP is now redirected to HTTPS
Software Distribution
-
804514 A standard EPM user with read-only rights on public packages is able to move a public package from public folder to their own folder then able to modify the said package inside their folder.
- If the user logged into the CORE console does NOT have "public edit" rights for Software Distribution (SWD) Packages, then they will NOT be able to "move" a SWD package to a Team or "MY" folder. They can only make a copy of it.
-
895548 Wrong messages showing on toast notifications when certain options are selected
- Fixed to show correct timeout action.
-
899434 Error when adding a folder to additional files on Windows Action packages - SWD
- We now check for null/empty primary file when getting a file list so that we handle the folder's structure properly.
-
920692 S3 bucket download failure of large file when in a subfolder of the share.
- Updated the path to be correct in all cases.
-
921061 SDMCache file retention issue. If the "Number of days files stay in cache" is over a certain number of days, the files are deleted daily.
- The value processed was changed to a larger variable type to handle much large retention values in days (which are converted to seconds). This means the files will be kept according to the settings in Client Connectivity Settings and correctly displayed
-
934186 Issue with task status when multicast and "Always reboot" setting is used.
- For reboot reconnect, do not try to download files that were already downloaded before reboot.
Web Console
-
908867 Web Console 2.0 Result column not accurate for some SWD task return codes
- The Web Console displays the Return Code and Result columns like it does in the desktop console.
XDD-UDD
-
912897 UDD Wireless Access Points "Mark as Allowed" does not do anything
- Fix the right click allow and not allow for WAPs. Also fix UDD scans putting APs in the right group.
Known Issues
Agent
-
Must restart computer to load or unload the EBA EPS driver.
- In this version of the new EBA EPS engine you must restart machine after EBA EPS install/uninstall for the EPS driver to load/unload
-
Issue when EBA agent replaces an existing WSCFG agent.
- Warning: There is a known issue with this installation method when it tries to uninstall a detected WSCFG agent from the device which will cause the installer to fail. As a temporary workaround manually uninstall the WSCFG agent from the device using uninstallwinclient.exe before installing an EBA installer generated from this method.
Core Server
-
Windows Server 2022 is not supported for EPM 2022 SU1.
- Microsoft has still not released a version of Server 2022 that resolves the .net issues, so it is not supported as an EPM core server OS.
Web Console 2.0
-
Set up certificate for Web Console 2.0
- Set up certificate for Web Console 2.0: https requirement. The core cert must be installed on the endpoint browsing the Web Console 2.0 in order to be https, otherwise it will try to use http.
-
Use FQDN of the core in the URL https: //core-name.domain.xxx/WebConsole
- Only FQDN (fully qualified domain name) name of the core is supported.